Your own DB ‘Big Brother’

oracledisect — Thu, 13 Mar 2008 14:41:00 +0000

How many times you have been in the unfortunate situation where something catastrophic has happened, caused by an OSI ‘Layer-8′ error, you’ve been asked whom did that… and you don’t have a clue.

Well, for those cases Oracle provides a very useful auditing feature, that is very simple to enable.

Usually you start enabling auditing on users that have the privilege to do the activity you are interested on, after you may enable auditing on users suspicious of trying to do something they don’t have the privilege to.

Let’s give a short example, given the case I want to track who drops or modifies any user.

SQL> alter system set audit_trail=DB scope=spfile;

or edit your pfile to reflect above settingSQL> shutdownSQL> startupSQL> audit drop user by admin;

SQL> audit alter user by admin;

SQL> alter user scott identified by tigre;User AlteredSQL> select count(*) sys.aud$;

How do you check what is fasible to audit or what is beeing audited, you must check these views:
* SYSTEM_PRIVILEGE_MAP
* DBA_PRIV_AUDIT_OPTS
* DBA_AUDIT_OBJECT

If those views aren’t available then you must create them running the cataudit.sql script from $ORACLE_HOME/rdbms/admin.

Further explanation you may find in the Oracle Database Administration Guide.

Please, before you go, don’t forget to vote the poll regarding the content of this blog, thank you!

Oracle Database Disected Weblog » Security

Your own DB ‘Big Brother’